Category Archives: software development

.net, ruby, security, software development, web authoring

Ruby interpreter flaws make the case for JRuby?

1 Comment

The official Ruby blog reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.

More discussion here and here. The community is fixing the problems energetically; but they do appear serious, and some are struggling with compatibility issues.

Since these seem to be bugs in the interpreter, it strikes me that this makes a good case for JRuby or in due course IronRuby, on the grounds that the Java and .NET runtimes are more mature. When I spoke to ThoughtWorks about its extensive Ruby work, I was told that JRuby is almost always used for deployment, partly because enterprises are more comfortable with it.

Technorati tags: , , ,
database, software development

Where is your SQL Server CE Database?

4 Comments

Maybe not where you think. Now, I admit I am three years late with this bug strange feature of Visual Studio but it wasted some of my time today so it is still worth reporting.

I’ve been writing about creating database applications in Visual Studio. Specifically, I was looking at what happens if you download Visual Basic Express and take the quickest, easiest route to knocking together a database application.

The default local database engine these days is SQL Server Compact 3.5:

When you create applications, the preferred local database is SQL Server Compact 3.5.

says MSDN.

OK, so you add a new database to your project and accept various defaults. The wizard then asks you whether you would like to “copy the file to your project and modify the connection”?

Sounds reasonable, if you can figure out what it means. Default is Yes, so OK do it.

Mistake. Don’t do that. Not, at least, without reading and understanding this document. But I digress. Next up, you are asked another question:

Storing connection strings in your application configuration file eases maintenance and deployment … do you want to save the connection string to the application configuration file?

It’s another option that sounds good. OK, do it.

Now you set up a little table or two, add some data-bound controls, and off you go. Run the app, enter some data, save it. Run the app again … and all your data has disappeared. Why?

Well, it has to be either that the updates are silently failing; or that the database file is getting overwritten. It’s the latter. It turns out that VB is treating your database like any other resource, and copying to bin/debug when you run the app. This is the copy you are connecting to, you update it, but next time you build and run it gets overwritten.

None of this is obvious, because when you look at the connection string in the application settings (which VB hides by default, sigh), it shows the database file in the root of your project folder. Click Test Connection, all is fine. The only warning sign is that the connection string looks like this:

Data Source=|DataDirectory|\test.sdf

So where is |DataDirectory| set? That’s not obvious either. Read here for the answer. It’s an application property that is not visible anywhere, that gets set to different values depending on how you deploy the app. I can see why someone thought this was a smart idea; but the implementation is horrible. It gives you the illusion of having one database file, when in fact you have multiple copies (source, debug, release etc) overwriting one another, and during testing you are never editing the correct one.

Once you have worked this out you can fix it, of course. But here’s another problem. You are the single user of a database. You insert a record and save it, using all the generated data-bound stuff that Visual Studio provides. Works fine. Then you edit the record you just inserted, and save again. Boom. Concurrency exception. Why?

It is all do to with a limitation of SQL Server Compact 3.5. It can’t handle multiple SQL statements. This means that a feature of the ADO.NET TableAdapter, called Refresh the Data Table in the configuration wizard, is not available. This option kicks in when you have an identity column that auto-increments, which is by the easiest way to create a primary key. In this scenario, the actual value of the identity column is not known until after you make the insert, because it is generated by the database engine. Normally, the TableAdapter would retrieve it with a Select statement immediately after the Insert statement. However, with SQL Server Compact 3.5 that does not work.

The result is that saving a record works fine, but next time around the row has an incorrect primary key in the DataSet. No wonder you get a concurrency exception.

You can work around this in code, of course. But what surprises me is just how hard Microsoft has made all this for the kind of newbie programmer who might pick up VB Express. In fact, easy database programming in VB has marched backwards since Visual Basic 3 back in 1993.

By the way, I also dislike the way VB adds so much database gunk to your main form, again by default. What if you add another form to your app? What if you want to delete the first form? It all gets messy fast.

Look at Ruby on Rails. It has simple database handling that works. OK, you are going to have to modify that code eventually; and I accept that database apps have an inherent complexity that no amount of wizards, O/R layers or even "Convention over Configuration” can remove. I still think that simple, single table, single user apps should be, well, simple. Not in VB, unfortunately.

microsoft, software development

Microsoft’s big break: failing competitors

The BBC has an article, prompted by Bill Gates’ retirement from Microsoft, on how the company thrived because of the failings of its competitors.

I find this ironic. What gave Apple its big break in music, and in gaining market share for the Mac? What gave FireFox its big break in web browsers? Maybe even Google’s success is enabled in part by Microsoft’s failure to compete effectively.

The description of the young, nimble Microsoft is quite a contrast with the company today, which takes around a year to get a product from a feature-complete development stage, to actual shipping.

Technorati tags: ,
linux, open source, software, software development, virtualization, windows

Wine is 1.0

Congratulations to the Wine community which has released Wine 1.0:

The Wine team is proud to announce that Wine 1.0 is now available. This is the first stable release of Wine after 15 years of development and beta testing.

Wine is a compatibility layer that enables Windows applications to run on Linux, Mac OS X, and other Unix-like systems.

Although in beta, Wine has been used in numerous commercial applications over the years. Two I can think of: WordPerfect 9 from Corel, and the Kylix IDE from Borland. More accurately, Kylix used Winelib, which uses the Wine API at compile-time rather than at runtime.

Another notable example is Google’s Picasa for Linux.

Despite this landmark, Wine seems less significant now than it did a few years back. For one thing, it is easier to write a cross-platform application. For another, web applications have grown in importance, reducing the number of native applications we need to run. Finally, virtualization is now a better, more compatible route to running Windows apps on Unix in many scenarios.

Technorati tags: , , , ,
adobe, apple, java, open source, silverlight, software development, web authoring

The RIA dilemma: open vs predictable

4 Comments

There’s recently been a bit of hype (RoughlyDrafted.com) for Charles Jolley’s Sproutcore, yet another JavaScript framework, mainly because Apple is using it as its “Cocoa for the Web”, according to AppleInsider.

I tried the sample controls demo in IE7 but it didn’t work quite right. For example, the Picker pane opened but would not close. Tried again in Firefox 3.0 and everything was fine.

I’ve got no idea what the problem is with IE7; it is probably because of weak standards support in IE. However, it illustrates the advantages of a plug-in like Flash, Silverlight or Java. With these platforms, the application is largely insulated from differences between browsers.

The snag with the proprietary plug-in approach is that the vendor may not support every platform equally. Microsoft is entrusting the bulk of Silverlight Linux support to a third party. There are also issues of control. Apple most likely does not want any runtimes on iPhone because they open up a route to application deployment that bypasses its App Store and 30% revenue share. Google seems wary of Flash; RoughlyDrafted says that is because of the risk of content being turned into “opaque binaries” that are beyond the reach of its contextual advertising analysis, but it may just be  reluctance to cede such an important part of its platform to a third party.

Still, as a developer in search of a predictable app platform I’d rather target a plug-in than trust the browser vendors to be sufficiently consistent, and the Javascript libraries sufficiently smart, to enable my code to run reliably everywhere. It is easier to get away with a requirement for, say, Flash 9, than to insist that users choose a particular browser or operating system.

There are other factors of course. On the Javascript + HTML side, there are advantages in that it extends rather than replaces the HTML model. Things like clipboard support just work. Plus, it runs on iPhone.

On the plug-in side, you get the fast execution of a JIT compiler, and easy use of graphical and multimedia effects that take effort to do in JavaScript, or can’t be done at all.

I would be interested in comments from developers about what RIA platform you are choosing, and why.

adobe, flash, microsoft, silverlight, software development, windows

Why developers don’t write apps for Vista

2 Comments

From Evans Data we get this statistic (email address required):

Only eight percent of North American software developers are currently writing applications to run on Microsoft’s Vista operating system, while half are still writing programs for XP, according to Evans Data’s Spring 2008, North American Development Survey. These same developers forecast a fragmented Windows market in 2009 with only 24 percent expecting to target Vista and 29% expecting to continue with XP.

Matt Asay picks this up, saying that 92 percent of developers are ignoring Vista.

Sorry, this is silly. Sane Windows developers are writing apps that work on both XP and Vista. Writing an app that only works on Vista is equally as short-sighted as writing an app that only works on XP. Even WPF apps work on XP. So what are these 8% of Vista-only developers doing? Targeting DirectX 10?

Or did they get a somewhat ambiguous questionnaire and were collectively inconsistent over which boxes they ticked?

I agree that Vista has some problems, but this is not a useful analysis.

Two more interesting questions would be:

1. What proportion of developers are starting new projects that are cross-platform rather than Windows-only?

2. What proportion of developers are starting new projects that run from the Internet with zero desktop install, or maybe just a plug-in dependency?

There is a reason why Microsoft is fighting to establish Silverlight, and why Flex and Flash are suddenly so interesting to developers.

Technorati tags: , , , , ,

flash, silverlight, software development

Quick code performance test for Flash vs Silverlight

Quick performance test for Flash vs Silverlight. This just counts prime numbers and doesn’t touch graphics or multimedia. See Bubblemark and GUIMark for some more comprehensive tests; I just put this one together to satisfy my own curiosity. More details, and the code to scrutinize, here.

Please don’t take this too seriously. I may have messed up the test; it is only one small aspect of performance; and there are lots of other factors to think about. I just find this sort of thing interesting.

Update: Note that both Flash and Silverlight have just-in-time compilers that dramatically speed this type of code.

Comments are welcome here.

Technorati tags: , ,
microsoft, software, software development, vista, windows

UK official tax CD caught by Vista’s virtual store

1 Comment

In the UK, HM Revenue and Customs issues an Employer CD-ROM which calculates tax and national insurance. Small businesses can use it to enter pay details through the year; then at the end of the tax year the application allows uploading of the data as the company’s formal annual submission.

Very handy; but clearly it’s important to backup the data. There is an entry on this in the CD’s online Help:

We recommend that you backup the data after each pay period and keep it separate from the computer.

Good advice; but the instructions puzzled me. It says all the data is in the program files folder (in breach of Microsoft’s guidelines, even though this is a 2008 CD), and that to backup:

Copy the folder named ‘Data’ to your chosen means of backup. (To copy, right click the folder and select ‘Send to’).

I found this surprising because on Vista the Program Files directory is read-only. I checked; and there is no user data in this folder on Vista. Instead, the data is in Vista’s Virtual Store, and you can find it at:

C:\Users\[Username]\AppData\Local\VirtualStore\Program Files\HMRC\Employer CD-ROM 2008\data

There’s a couple of issues here. First, why is the UK government sending out CDs that are not properly compatible with Windows Vista, more than a year after its release? The Virtual Store is a compatibility feature; it is not intended for long-term use.

More important, the backup instructions are plain wrong for Vista users. How many businesses out there have got carefully made backups of a folder that does not in fact contain their data?

In an official application used by many thousands of businesses, it’s a significant blunder.

internet, microsoft, software, software development

Digg-style bug reports = great feedback

1 Comment

Long Zheng’s Windows UX Taskforce is notable for several reasons. Zheng devised the site in order to give Microsoft feedback on quirks and annoyances in the Windows Vista user interface. He hid it by designing an application that lets users promote or demote user reports, Digg-style. To give you an idea, top of the list right now is that bewildering dialog that appears when trying to safely remove a USB thumb drive card reader – with 262 votes.

So the site is notable, first, for what it says about the Windows Vista UI; second, for what it says about the number of people who care about it and are willing to submit detailed feedback; and third, because it shows what a great way this is for managing bug reports and feature requests.

Actually, Microsoft already has something along these lines, called Connect. It’s fascinating to contrast Zheng’s quickly-assembled but easy to use site, which is attracting lots of users, with Microsoft’s site that is slower, more complex, and less compelling. It’s incomplete too. How do I submit feedback for Microsoft Word, for example?

It strikes me that software vendors have just been shown a simple and effective way to improve their products. I wonder how many will take it up?

internet, microsoft, software development, web authoring

Simple CRUD with Silverlight

I spent a couple of hours putting together a simple CRUD (Create, Retrieve, Update, Delete) application with Silverlight 2.0 beta 2.

Most of the examples I’ve seen use LINQ to SQL; that’s fine, but I wanted to do something without that intermediate layer. Having said that, I ended up in effect writing my own object-relational mapper. Still, it’s nice to know exactly what the code is doing.

I’ve described the project in a little more detail here.